Microsoft PowerPoint Used In Malware Scheme

Microsoft’s PowerPoint is the latest mechanism for delivering malware.

TrendMicroreports today that a new method “abuses
PowerPoint Slide show — the first time we have seen this approach used in the wild before.” The scheme apparently targets companies in the electronics industry.

“The exploit
arrives as a spear-phishing email attachment, purportedly from a cable manufacturing provider, that drops a remote access tool as its final payload,” TrendMicro writes.

The
message refers to “the specified order.” But the user who opens the message will receive “a PPSX file that shows the following when clicked: CVE-2017-8570,” TrendMicro
continues.

However, the malware apparently exploits CVE-2017-0199, “a leftover mistake from the toolkit developer, which the sender did not choose to change,” TrendMicro
notes.

But there was no danger to Microsoft users who had received updates.

“Given that Microsoft already addressed this vulnerability back in April, users with updated patches
are safe from these attacks,” TrendMicro continues. “Cases like this highlight the need for users to be cautious when opening files or clicking links in their emails — even if
they come from seemingly legitimate sources.”

In a separate episode, banking customers are being victimized with “a notorious banking Trojan,” according to ZDNet.

Uncovered by security researchers at Cyren, the latest
Trickbot distribution campaign sent over 75,000 emails in 25 minutes, all claiming to be from Lloyds Bank, one of the UK's biggest banks,” ZDNet writes.

It adds: “Emails
were sent with the subject 'Incoming BACs', a reference to BACS, a system that allows users to make payments directly from one email account to another. The emails claim that the target needs to
review and sign attached documents.”